Hacked: Two-Factor Authentication

You’ve probably heard of a lot of cyber attacks that happened in 2018, along with new malware and several cases of ransomware. Security has been more of an issue because of the total amounts of attacks against not just the big companies but, small and medium-sized businesses. It’s when you see those attacks that you want to take action.

One of the easiest ways to counter some of these attacks is enabling two-factor authentication. When logging in to your system, a code will be sent to the user’s mobile phone that is needed in addition to their username and password. This is a great way to add another layer of security when you are trying to take action against cybercriminals. But, what if the two-factor authentication you set up is also vulnerable?

Recently, an expert found that a smart attacker could get access to your account and the tool that was created for these attacks was made public. How does it work? These criminals are sending emails that look real and are asking the recipient to click on a link. The link then directs them to a website that looks real and asks for them to input their credentials. However, what the site is doing is getting those login credentials and storing them on the hacker’s server where they can obtain the session cookie. That’s all it takes for them to have that access to your account.

Two-factor authentication is still a great layer of security, but here are some tips so that you do not become a victim of the above scenario:

Visit Websites Directly

You may occasionally get links in emails from companies that you use, however, you should never click on them from the email. For instance, if you get an email that has a new message in one of the accounts, you should open a new tab and type in the URL directly. From there you can check the message center.


Check the sender. Usually you can spot some oddities in the sending address such as a slightly misspelled domain or the email is from a generic @gmail.com or @yahoo.com address. Companies typically send email from their own domain so this should be a giveaway that there is something wrong with the email that was sent.


If the email comes across as something that needs to be taken care of right away, it may be malicious. Hackers tend to use this tactic to stray your focus from the content of the email and make you click on a link faster. Be cautious of these attempts.

Check the Link

When you hover your mouse over the words that have links embedded in them, you will see the actual URL that you’re about to visit. Even if it looks like a legitimate email or website, go ahead and double check the links because you can not be too careful.

Aside from the above tips, some users tend to add a physical layer of security to replace two-factor authentication called security keys. These security keys look like a key chain, contain a hardware chip and connect via Bluetooth or USB.

Practicing these tips can help ensure that you do not fall victim to these hackers. It can be hard and irritating to have to be cautious of the above, but the truth is that hackers are here to stay and we need to change some of our habits for our own safety.

Protect Your Business Data

We are passionate about helping our customers protect their data. We want you to use Jungle Disk to protect yours. Click on Sign Up to get started. It takes less than 5 minutes!

Sign Up